Cybersecurity training that builds trust, not frustration, in the workplace is essential, but the methods used to educate staff can make or break workplace culture. Yarra Council’s recent phishing simulation, though well-intentioned, demonstrated that sending a phishing email is easy, while creating a positive cyber culture is much harder.
Phishing Simulations: A Double-Edged Sword
When Yarra Council staff received an email promising a festive eGift card, it turned out to be a phishing simulation. Instead of delivering holiday cheer, the email redirected employees to a training module on phishing awareness. While the intent was to teach, the execution left many feeling tricked and demoralised.
Sending a phishing email is easy. But building a workplace culture where cybersecurity awareness thrives requires trust, transparency, and respect. Misleading employees, even for training purposes, risks damaging morale and the collaborative spirit that underpins effective cybersecurity.
Why Cyber Security Training Must Foster Trust
Phishing scams are a growing threat, costing Australian organisations millions each year. Training staff to recognise these threats is crucial. However, organisations must ensure their approach strengthens, not erodes, employee relationships.
When cyber security measures rely on deception, employees may feel targeted or disrespected. A culture of fear or frustration is counterproductive. Instead, training should empower staff to see themselves as partners in protecting organisational data.
Building Positive Cybersecurity Practices
Effective cybersecurity training requires thoughtful execution. Here are steps to ensure training supports both security and workplace harmony:
- Avoid Deception: Don’t trick staff. Be upfront about training goals and methodologies.
- Engage Employees: Involve staff in developing cybersecurity policies. Their insights can lead to better acceptance and compliance.
- Focus on Education, Not Punishment: Provide clear, constructive feedback when simulations are used.
- Reinforce Positives: Celebrate successes, such as recognising employees who demonstrate awareness and quick responses.
- Promote Open Dialogue: Create opportunities for staff to share feedback and ask questions about cybersecurity policies.
Lessons from Yarra Council
While the Yarra Council phishing simulation sparked controversy, it also highlighted the importance of intentional and empathetic cybersecurity strategies. It’s not enough to mimic real-world threats—organisations must ensure that training builds confidence and collaboration.
A strong cyber culture is harder to achieve than sending a simulated phishing email, but the rewards are far greater. Employees who feel valued and respected are more likely to actively contribute to organisational security efforts.
Conclusion
Cybersecurity training that builds trust, not frustration, should safeguard not only organisational systems but also workplace morale. The Yarra Council experience offers a key lesson: tricking employees is easy, but creating a positive, security-conscious culture is what truly protects organisations. By fostering transparency and collaboration, businesses can turn cyber security training into an empowering experience for all.
Vertex Cyber Security can help you build a great cyber security culture in your organisation. Contact us today!